Data of Nearly 11 Million Customers Exposed in HCA Healthcare Data Breach
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
HCA Healthcare has confirmed in a press release the alleged data breach that exposed the personal information of around 11 million patients who received care at its clinics and hospitals. The incident came to light on July 5, 2023, when an unknown threat actor published samples of the stolen data on a hacking forum.
The published data allegedly comprised 17 files with 27.7 million rows of information. Initially the data was not offered for sale; instead, the threat actor posted a threat to publish it if HCA did not meet its demands by July 10th. On receiving no response from the company, the hacker put the full database up for sale and is open to offers from interested parties.
In its investigation, the company confirmed the authenticity of the posted data, which was apparently stolen from an "external storage location." The information stored there was used to send promotional and follow-up email messages to patients. The investigation, carried out with the help of third-party cybersecurity experts, found that the compromised information included patients' names, addresses, email addresses, telephone numbers, dates of birth, gender, and the dates and locations of their scheduled hospital or care center appointments.
The stolen data does not include any clinical or financial information about patients, nor other sensitive data such as passwords, social security numbers or driver's license information. In its statement, the company said there was no disruption to any of its care and service programs or its day-to-day operations. "Based on the information known at this time, the company does not believe the incident will materially impact its business, operations, or financial results," noted HCA.
The healthcare provider has notified the appropriate law enforcement authorities and has retained the services of external forensic and threat intelligence experts. It is continuing the investigation to ensure that its networks and systems are free from access by any unknown threat actors. HCA deployed containment measures, including disabling user access to the compromised storage location, and announced support for impacted patients, including credit monitoring and identity protection services where appropriate.
HCA Healthcare is a US-based healthcare services company that comprises 182 hospitals and 2,300+ care centers across the US and UK.
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A new ransomware strain was recently discovered by security researchers and is said to be distributed through a malvertising campaign which promotes fake Windows updates and Microsoft Word installers.
The ransomware, dubbed "Big Head," was first discovered by security researchers at FortiGuard Labs. Trend Micro later published a report concluding that both previously identified variants, as well as a third variant, were the work of a single threat actor.
The ransomware is a .NET binary that deploys three AES-encrypted files on the victim's system: the first (1.exe) propagates the malware, the second (archive.exe) communicates with the threat actor's Telegram channel, and the third (Xarch.exe) displays a bogus Windows update.
Like other ransomware, it performs several checks and inspections to decide whether to execute or self-terminate. Before encrypting files, the ransomware checks whether it is running in a virtual environment, deletes recovery backups, terminates processes, and avoids directories that could expose its presence.
The malware can also disable the Task Manager to prevent the victim from terminating or investigating its activities. It likewise self-terminates if the user's machine language matches the country code for Russian, Belarusian, Ukrainian, Kazakh, Kyrgyz, Armenian, Georgian, Tatar or Uzbek.
Trend Micro identified two more variants of Big Head. The second variant has both ransomware and info-stealer capabilities: it exfiltrates sensitive data from the user's system, including product keys, lists of directories and running processes, browsing history and operating network details, and captures screenshots.
The third variant includes a file infector identified as Neshta, which infects the target's machine by inserting malicious code into executable files. This technique can disguise the threat as a virus, making it harder for security solutions to detect the ransomware.
The threat actor behind the ransomware remains unknown; however, researchers at Trend Micro speculate that it has Indonesian origins, based on a YouTube channel name that is a phrase in Bahasa. The researchers have also issued a security warning in view of the multi-faceted nature of the ransomware.